U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2024-29200

Change History

New CVE Received from GitHub, Inc. 3/28/2024 10:15:14 AM

Action Type Old Value New Value
Added Description

								
							
							
						
Kimai is a web-based multi-user time-tracking application. The permission `view_other_timesheet` performs differently for the Kimai UI and the API, thus returning unexpected data through the API. When setting the `view_other_timesheet` permission to true, on the frontend, users can only see timesheet entries for teams they are a part of. When requesting all timesheets from the API, however, all timesheet entries are returned, regardless of whether the user shares team permissions or not. This vulnerability is fixed in 2.13.0.
Added CVSS V3.1

								
							
							
						
GitHub, Inc. AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Added CWE

								
							
							
						
GitHub, Inc. CWE-1220
Added Reference

								
							
							
						
GitHub, Inc. https://github.com/kimai/kimai/security/advisories/GHSA-cj3c-5xpm-cx94 [No types assigned]